schneier

TEMPEST is the covername used by the NSA and other agencies to talk about emissions from computing machinery that can divulge what the equipment is processing. We’ve covered a few projects in the past that specifically intercept EM radiation. TEMPEST for Eliza can transmit via AM using a CRT monitor, and just last Fall a group showed how to monitor USB keyboards remotely. Through the Freedom of Information Act, an interesting article from 1972 has been released. TEMPEST: A Signal Problem (PDF) covers the early history of how this phenomenon was discovered. Uncovered by Bell Labs in WWII, it affected a piece of encryption gear they were supplying to the military. The plaintext could be read over that air and also by monitoring spikes on the powerlines. Their new, heavily shielded and line filtered version of the device was rejected by the military who simply told commanders to monitor a 100 feet around their post to prevent eavesdropping. It’s an interesting read and also covers acoustic monitoring. This is just the US history of TEMPEST though, but from the anecdotes it sounds like their enemies were not just keeping pace but were also better informed.

Adeona is an open source internet-based laptop tracking system that is free to use. It’s available for Linux, OSX, and Windows XP/Vista. After installation, Adeona will submit at random intervals, anonymously encrypted updates on the computer’s location to servers on the Internet, specifically to OpenDHT, a free storage service. The information is kept on the servers for one week. If your laptop becomes lost or stolen, you can use the retrieval tool to access information about where your laptop was last used: the external IP address, internal IP address, and nearby routers. If your laptop is a Mac, you can also download isightcapture to grab a picture of the thief. Adeona is designed to protect against common criminals who may not have much technological knowledge, and does not have any protections against events such as disk wipes. The open source nature of Adeona’s system means that there’s ample opportunity to improve upon the release or add extensions. Here’s one user who really likes what he sees.

A wry editorial on Time Magazine’s site about tapping into your neighbors’ Wi-Fi tells of how the author [Lev Grossman] stole internet access from his neighbors’ open networks for years. He finally decided to pay for his own connection, which he fittingly leaves on an open network. He makes the point that leaving it open is a violation of his TOS agreement, but he doesn’t seem particularly bothered by the notion of people tapping into his network.

[Bruce Schneier] takes an even stronger stance on the issue, suggesting that it is not only safe to leave your network open, but a matter of politeness toward your guests, similar to providing them with basic amenities. He also mentions that if your computers are not adequately secured, network security won’t make much of a difference. We tend to agree with [Schneier] on this: we also leave our network completely open.

That’s not to say [Grossman] doesn’t have a point about the unreliability of pilfered internet access, noting “I always seemed to lose connectivity just when I was about to send a crucial e-mail.” Sure, we leave our network open, but we have to pay for our internet access. We really can’t afford not to. One thing [Grossman] didn’t mention (neither did [Schneier], but he wrote his article before this happened), is that a Maryland bill that would criminalize leeching Wi-Fi has been shot down. The first legislation of its kind, the defeat of the bill mean citizens of Maryland are free to leech from open networks without fear of prosecution, but it sets a precedent that may influence future rulings.

Honestly, we were originally sent this Q&A with famed cryptographer [Bruce Schneier] as a restaurant recommendation (112 Eatery, Minneapolis). Posted last fall on NYTimes’ Freakonomics blog it covers [Bruce]’s opinion on nearly everything. Here are a few items in particular that really stuck out to us:

The most immediate threat to the average person is crime – in particular, fraud. And as I said before, even if you don’t store that data on your computer, someone else has it on theirs. But the long-term threat of loss of privacy is much greater, because it has the potential to change society for the worse.

What you’re really asking me is about the security. No one steals credit card numbers one-by-one, by eavesdropping on the Internet connection. They’re all stolen in blocks of a million by hacking the back-end database. It doesn’t matter if you bought something over the Internet, by phone, by mail, or in person – you’re equally vulnerable.